November 2016 – Rage Against the Shell

Redirect http to https on the same port in nginx

Posted on November 19, 2016 by Mr. Reboot

Tested in Ubuntu 14 / Nginx 1.11

If you use a custom port to serve SSL and you want to force a secure connection redirecting from http to https, a solution is use error_page directive with code 497:

server {

        listen 8080 ssl;

        root /usr/share/nginx/mydomain;
        index index.html index.php;

        ssl_certificate /etc/ssl/certs/mydomain.com.crt;
        ssl_certificate_key /etc/ssl/private/mydomain.com.key;

        error_page 497  https://$host:$server_port$request_uri;

        ...

}

Don’t forget to reload nginx:

~ $ /etc/init.d/nginx reload

Varnish SSL redirect

Posted on November 6, 2016 - November 6, 2016 by Mr. Reboot

Tested in Ubuntu 14 / Debian 8 / Varnish 4.1

If you have configured nginx as SSL proxy for varnish, you could be interested in redirecting requests from HTTP to HTTPS. We are going to suppose this configuration, so first in VCL recv, add this code:

sub vcl_recv {
    ...
    if (req.http.X-Forwarded-Proto !~ "(?i)https") {
        return (synth(750, ""));
    }
    ...
}

And then in VCL synth:

sub vcl_synth {
    ...
    if (resp.status == 750) {
        set resp.status = 301;
        set resp.http.Location = "https://domain.com" + req.url;
    }
    ...
}

Finally reload varnish:

~ $ /etc/init.d/varnish reload

Mysql failover in Dovecot

Posted on November 5, 2016 - December 6, 2017 by Mr. Reboot

Tested in Debian 8 / Dovecot 2.2

In a environment with Dovecot and Mysql as backend, if you have several mysql servers in replication mode (cluster, master-master, master-slave …), you can configure dovecot to connect to these servers, so if one of them falls, dovecot will try to connect the next available one.

This is made in the configuration file of the mysql connection, in the connect parameter, host var:

~ $ cd /etc/dovecot
~ $ cat dovecot-sql.conf.ext
...
driver = mysql
connect = host=server1 host=server2 host=server3 dbname=mysql-db user=mysql-user password=mysql-password
...

Mysql failover in Postfix

Posted on November 4, 2016 - December 6, 2017 by Mr. Reboot

Tested in Debian 8 / Postfix 2.11

In a environment with Postfix and Mysql as backend, if you have several mysql servers in replication mode (cluster, master-master, master-slave …), you can configure postfix to connect to these servers, so if one of them falls, postfix will try to connect the next available one.

This is made in the configuration file of the mysql connection, in the hosts parameter:

~ $ cd /etc/postfix
~ $ cat mysql-users.cf
user = mysql-user
password = mysql-password
dbname = mysql-db
table = users
hosts = server1 server2 server3
query = select maildir from users where username='%s'

If you have configuration files for alias, domains, or more, you will have to make changes in these files too.

M	T	W	T	F	S	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30